Class: CredHubble::Client

Inherits:
Object
Defined in:
lib/cred_hubble/client.rb

Constructor Details

#initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil, client_cert_path: nil, client_key_path: nil) ⇒ CredHubble::Client

Instantiates a new CredHubble::Client.

Parameters:

  • host (String)

    host for the target CredHub server

  • port (Integer) (defaults to: 8844)

    port for the target CredHub server

  • auth_header_token (String) (defaults to: nil)

    OAuth2 bearer token for auth header

  • client_cert_path (String) (defaults to: nil)

    path to a client TLS certificate

  • client_key_path (String) (defaults to: nil)

    path to a client TLS encryption key

  • ca_path (String) (defaults to: nil)

    path to a CA certificate



# File 'lib/cred_hubble/client.rb', line 18

def initialize(host:, port: 8844, auth_header_token: nil, ca_path: nil,
               client_cert_path: nil, client_key_path: nil)

  @host = host
  @port = port
  @auth_header_token = auth_header_token
  @ca_path = ca_path
  @client_cert_path = client_cert_path
  @client_key_path = client_key_path
end

Class Method Details

.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil) ⇒ CredHubble::Client

Instantiates a new CredHubble::Client using a client TLS certificate and key for mutual TLS authentication.

Parameters:

  • host (String)

    host for the target CredHub server

  • port (Integer) (defaults to: 8844)

    port for the target CredHub server

  • client_cert_path (String)

    path to a client TLS certificate

  • client_key_path (String)

    path to a client TLS encryption key

  • ca_path (String) (defaults to: nil)

    path to a CA certificate

Returns:

  • (CredHubble::Client)



# File 'lib/cred_hubble/client.rb', line 53

def self.new_from_mtls_auth(host:, port: 8844, client_cert_path:, client_key_path:, ca_path: nil)
  new(
    client_cert_path: client_cert_path,
    client_key_path: client_key_path,
    host: host,
    ca_path: ca_path,
    port: port
  )
end
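
Added example, not part of CredHubble or its documentation: the constructor shown above stores client_cert_path and client_key_path without inspecting the files, so a caller can check them before calling new_from_mtls_auth. The helper names mtls_preflight and write_sample_pair are hypothetical, and the certificate and key are constructed throwaway material.

```ruby
require 'openssl'
require 'tmpdir'

# Hypothetical helper, not part of CredHubble: lists problems with the files
# that would be passed as client_cert_path and client_key_path.
def mtls_preflight(client_cert_path:, client_key_path:, now: Time.now)
  problems = []
  mode = File.stat(client_key_path).mode & 0o777
  problems << format('key file mode %04o is open to group/other', mode) unless (mode & 0o077).zero?

  cert = OpenSSL::X509::Certificate.new(File.read(client_cert_path))
  key = OpenSSL::PKey.read(File.read(client_key_path))
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate is outside its validity window' unless now.between?(cert.not_before, cert.not_after)
  problems
end

# Constructed sample material: a throwaway self-signed certificate and key.
def write_sample_pair(dir, name: 'client')
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse('/CN=constructed-client')
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert_path = File.join(dir, "#{name}.crt")
  key_path = File.join(dir, "#{name}.key")
  File.write(cert_path, cert.to_pem)
  File.write(key_path, key.to_pem)
  File.chmod(0o600, key_path)
  [cert_path, key_path]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    cert_path, key_path = write_sample_pair(dir)
    puts mtls_preflight(client_cert_path: cert_path, client_key_path: key_path).inspect
  end
end
```

An empty list means the pair is consistent, currently valid, and the key file is readable only by its owner.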

.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil) ⇒ CredHubble::Client

Instantiates a new CredHubble::Client using an OAuth2 bearer token for auth header authentication.

Parameters:

  • host (String)

    host for the target CredHub server

  • port (Integer) (defaults to: 8844)

    port for the target CredHub server

  • auth_header_token (String)

    OAuth2 bearer token for auth header

  • ca_path (String) (defaults to: nil)

    path to a CA certificate

Returns:

  • (CredHubble::Client)



# File 'lib/cred_hubble/client.rb', line 36

def self.new_from_token_auth(host:, port: 8844, auth_header_token:, ca_path: nil)
  new(
    auth_header_token: auth_header_token,
    ca_path: ca_path,
    host: host,
    port: port
  )
end

Instance Method Details

#add_permissions(permission_collection) ⇒ CredHubble::Resources::PermissionCollection

Adds additional Permissions to an existing Credential. The Credential is specified by the ‘credential_name’ field on the PermissionCollection.

Parameters:

Returns:

  • (CredHubble::Resources::PermissionCollection)



# File 'lib/cred_hubble/client.rb', line 178

def add_permissions(permission_collection)
  response = http_client.post('/api/v1/permissions', permission_collection.to_json).body
  CredHubble::Resources::PermissionCollection.from_json(response)
end

#credential_by_id(credential_id) ⇒ CredHubble::Resources::Credential

Retrieves a Credential by ID.

Parameters:

  • credential_id (String)

    a CredHub credential identifier

Returns:

  • (CredHubble::Resources::Credential)



# File 'lib/cred_hubble/client.rb', line 84

def credential_by_id(credential_id)
  response = http_client.get("/api/v1/data/#{credential_id}").body
  CredHubble::Resources::CredentialFactory.from_json(response)
end

#credentials_by_name(name, current: nil, versions: nil) ⇒ CredHubble::Resources::CredentialCollection

Retrieves a collection of Credentials by Name.

Parameters:

  • name (String)

    a CredHub credential name, e.g. ‘/my-credential’

  • current (Boolean) (defaults to: nil)

    whether or not to return only the current version of a Credential

  • versions (Integer) (defaults to: nil)

    the maximum number of versions of a Credential to return

Returns:

  • (CredHubble::Resources::CredentialCollection)



# File 'lib/cred_hubble/client.rb', line 96

def credentials_by_name(name, current: nil, versions: nil)
  template = Addressable::Template.new('/api/v1/data{?query*}')

  query_args = { name: name, current: current, versions: versions }.reject { |_, v| v.nil? }
  path = template.expand(query: query_args).to_s

  response = http_client.get(path).body
  CredHubble::Resources::CredentialCollection.from_json(response)
end

#current_credential_value(credential_name) ⇒ String, ...

Retrieves the value of the current Credential for the given name.

Parameters:

  • credential_name (String)

    a CredHub credential name, e.g. ‘/my-credential’

Returns:

  • (String, Hash, RsaValue, SshValue, UserValue, CertificateValue, nil)

    the Credential#value if it exists



# File 'lib/cred_hubble/client.rb', line 110

def current_credential_value(credential_name)
  current_credential = credentials_by_name(credential_name, current: true).first
  current_credential && current_credential.value
end

#delete_credential_by_name(name) ⇒ Boolean

Deletes a Credential with the given Name.

Parameters:

  • name (String)

    a CredHub credential name, e.g. ‘/my-credential’

Returns:

  • (Boolean)

    true if the deletion was successful



# File 'lib/cred_hubble/client.rb', line 163

def delete_credential_by_name(name)
  template = Addressable::Template.new('/api/v1/data{?query*}')

  query_args = { name: name }
  path = template.expand(query: query_args).to_s

  http_client.delete(path).success?
end

#delete_permissions(credential_name, actor) ⇒ Boolean

Deletes any permissions for the given actor for a Credential.

Parameters:

  • credential_name (String)

    a CredHub credential name, e.g. ‘/my-credential’

  • actor (String)

    a CredHub actor, e.g. ‘uaa-user:fca1ae5e-f417-45ce-94b0-79889e27e047’

Returns:

  • (Boolean)

    true if the deletion was successful



# File 'lib/cred_hubble/client.rb', line 188

def delete_permissions(credential_name, actor)
  template = Addressable::Template.new('/api/v1/permissions{?query*}')

  query_args = { credential_name: credential_name, actor: actor }
  path = template.expand(query: query_args).to_s

  http_client.delete(path).success?
end

#health ⇒ CredHubble::Resources::Health

Performs a GET request to the CredHub /health endpoint.

Returns:

  • (CredHubble::Resources::Health)



# File 'lib/cred_hubble/client.rb', line 74

def health
  response = http_client.get('/health').body
  CredHubble::Resources::Health.from_json(response)
end

#info ⇒ CredHubble::Resources::Info

Performs a GET request to the CredHub /info endpoint.

Returns:

  • (CredHubble::Resources::Info)



# File 'lib/cred_hubble/client.rb', line 66

def info
  response = http_client.get('/info').body
  CredHubble::Resources::Info.from_json(response)
end

#interpolate_credentials(vcap_services_json) ⇒ String

Populates “credhub-ref” keys in a JSON string (e.g. ENV) with credential values.

Parameters:

  • vcap_services_json (String)

    a valid JSON string, particularly one from a Cloud Foundry app’s VCAP_SERVICES environment variable

Returns:

  • (String)

    a valid JSON string with populated CredHub references



# File 'lib/cred_hubble/client.rb', line 155

def interpolate_credentials(vcap_services_json)
  http_client.post('/api/v1/interpolate', vcap_services_json).body
end
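
Added example, not part of CredHubble or its documentation: interpolate_credentials posts the JSON string as given and returns it with credential values filled in, so a caller may want to list the “credhub-ref” values first and flag any outside the credential names it expects. The helper names, the allowed prefixes, and the sample document (its service names, layout and credential names) are assumptions constructed for illustration.

```ruby
require 'json'

# Hypothetical helper, not part of CredHubble: walks parsed JSON and returns
# [json_path, reference] pairs for every "credhub-ref" key holding a String.
def credhub_refs(node, path = '$')
  case node
  when Hash
    node.flat_map do |key, value|
      child = "#{path}.#{key}"
      key == 'credhub-ref' && value.is_a?(String) ? [[child, value]] : credhub_refs(value, child)
    end
  when Array
    node.each_with_index.flat_map { |value, i| credhub_refs(value, "#{path}[#{i}]") }
  else
    []
  end
end

# Returns the references that match none of the allowed credential name
# prefixes, i.e. the ones the caller did not expect to resolve.
def unexpected_refs(vcap_services_json, allowed_prefixes)
  credhub_refs(JSON.parse(vcap_services_json)).reject do |_path, ref|
    allowed_prefixes.any? { |prefix| ref.start_with?(prefix) }
  end
end

# Constructed sample; service names, layout and credential names are assumptions.
SAMPLE_VCAP_SERVICES = <<~JSON
  {
    "constructed-db": [
      { "name": "orders-db",
        "credentials": { "credhub-ref": "/constructed-broker/orders-db/credentials" } }
    ],
    "constructed-cache": [
      { "name": "cache",
        "credentials": { "credhub-ref": "/another-team/cache/credentials" } }
    ]
  }
JSON

if __FILE__ == $PROGRAM_NAME
  unexpected_refs(SAMPLE_VCAP_SERVICES, ['/constructed-broker/']).each do |path, ref|
    puts "unexpected reference #{ref} at #{path}"
  end
end
```

The string returned by interpolate_credentials contains plaintext credential values, so it should be kept out of logs and error reports.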

#permissions_by_credential_name(credential_name) ⇒ CredHubble::Resources::PermissionCollection

Retrieves a collection of Permissions for a Credential by Credential Name.

Parameters:

  • credential_name (String)

    a CredHub credential name, e.g. ‘/my-credential’

Returns:

  • (CredHubble::Resources::PermissionCollection)



# File 'lib/cred_hubble/client.rb', line 120

def permissions_by_credential_name(credential_name)
  template = Addressable::Template.new('/api/v1/permissions{?query*}')

  query_args = { credential_name: credential_name }
  path = template.expand(query: query_args).to_s

  response = http_client.get(path).body
  CredHubble::Resources::PermissionCollection.from_json(response)
end

#put_credential(credential, overwrite: nil, additional_permissions: []) ⇒ CredHubble::Resources::Credential

Creates a new Credential or adds a new version of an existing Credential.

Parameters:

  • credential (CredHubble::Resources::Credential)

    a CredHubble::Resources::Credential instance

  • overwrite (Boolean) (defaults to: nil)

    whether or not CredHub should create a new current version for existing Credentials

  • additional_permissions (CredHubble::Resources::PermissionCollection) (defaults to: [])

    a CredHubble::Resources::PermissionCollection for additional Permissions to set on the credentials

Returns:

  • (CredHubble::Resources::Credential)



# File 'lib/cred_hubble/client.rb', line 138

def put_credential(credential, overwrite: nil, additional_permissions: [])
  credential_body = credential.attributes_for_put
  credential_body[:overwrite] = !!overwrite unless overwrite.nil?

  unless additional_permissions.empty?
    credential_body[:additional_permissions] = additional_permissions.map(&:attributes)
  end

  response = http_client.put('/api/v1/data', credential_body.to_json).body
  CredHubble::Resources::CredentialFactory.from_json(response)
end